How do I configure squid?
I'm trying to set up a transparent proxy. I read the guides and it seems I've configured it, but it doesn't work; the interfaces do ping. Please help me with the configuration. I'm attaching the squid settings, the run log, and the interface settings.
squid.conf
# Allow access from our own network
acl localnet src 10.86.0.0/24
acl localnet src 192.168.0.0/24
# Access rule set
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
# HTTP access
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localhost
http_access deny all
# Server port and IP address
http_port 3128 intercept
http_port 192.168.2.1:3128 transparent
# Allowed amount of RAM
cache_mem 1024 MB
# Maximum and minimum cached object size
maximum_object_size_in_memory 512 KB
maximum_object_size 4 MB
# Cache directory and size
cache_dir ufs /var/spool/squid 2048 16 256
# Make the proxy anonymous
via off
forwarded_for delete
interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# WAN Interface
auto enp3s2
iface enp3s2 inet static
    address 10.86.0.18
    netmask 255.255.255.0
    gateway 192.168.0.1

# LAN Interface
auto enp1s0
iface enp1s0 inet static
    address 192.168.2.1
    netmask 255.255.255.0
    post-up /etc/nat
nat
# Enable IPv4 forwarding between the interfaces
echo 1 > /proc/sys/net/ipv4/ip_forward
# Accept everything on loopback
iptables -A INPUT -i lo -j ACCEPT
# Forward LAN -> WAN
iptables -A FORWARD -i enp1s0 -o enp3s2 -j ACCEPT
# Masquerade traffic from 10.86.0.0/24 leaving through the WAN interface
iptables -t nat -A POSTROUTING -o enp3s2 -s 10.86.0.0/24 -j MASQUERADE
# Let replies to established connections back in from the WAN side
iptables -A FORWARD -i enp3s2 -m state --state ESTABLISHED,RELATED -j ACCEPT
# Reject new connections coming from WAN towards the LAN
iptables -A FORWARD -i enp3s2 -o enp1s0 -j REJECT
# Redirect LAN HTTP traffic (except for 10.86.0.0/24) to the squid intercept port
iptables -t nat -A PREROUTING -i enp1s0 ! -d 10.86.0.0/24 -p tcp -m multiport --dport 80,8080 -j DNAT --to 192.168.2.1:3128
log
2016/09/20 16:22:56 kid1| Adaptation support is off.
2016/09/20 16:22:56 kid1| Accepting NAT intercepted HTTP Socket connections at local=[::]:3128 remote=[::] FD 17 flags=41
2016/09/20 16:22:56 kid1| Done reading /var/spool/squid swaplog (0 entries)
2016/09/20 16:22:56 kid1| Store rebuilding is 0.00% complete
2016/09/20 16:22:56 kid1| Finished rebuilding storage from disk.
2016/09/20 16:22:56 kid1| 0 Entries scanned
2016/09/20 16:22:56 kid1| 0 Invalid entries.
2016/09/20 16:22:56 kid1| 0 With invalid flags.
2016/09/20 16:22:56 kid1| 0 Objects loaded.
2016/09/20 16:22:56 kid1| 0 Objects expired.
2016/09/20 16:22:56 kid1| 0 Objects cancelled.
2016/09/20 16:22:56 kid1| 0 Duplicate URLs purged.
2016/09/20 16:22:56 kid1| 0 Swapfile clashes avoided.
2016/09/20 16:22:56 kid1| Took 0.06 seconds ( 0.00 objects/sec).
2016/09/20 16:22:56 kid1| Beginning Validation Procedure
2016/09/20 16:22:56| pinger: Initialising ICMP pinger...
2016/09/20 16:22:56| pinger: ICMP socket opened.
2016/09/20 16:22:56| pinger: ICMPv6 socket opened
2016/09/20 16:22:56 kid1| Completed Validation Procedure
2016/09/20 16:22:56 kid1| Validated 0 Entries
2016/09/20 16:22:56 kid1| store_swap_size = 0.00 KB
2016/09/20 16:22:56 kid1| ERROR: No forward-proxy ports configured.
2016/09/20 16:22:57 kid1| storeLateRelease: released 0 objects
2016/09/20 16:32:52 kid1| ERROR: NF getsockopt(ORIGINAL_DST) failed on local=192.168.2.1:3128 remote=192.168.2.24:57805 FD 12 flags$
2016/09/20 16:32:52 kid1| ERROR: NAT/TPROXY lookup failed to locate original IPs on local=192.168.2.1:3128 remote=192.168.2.24:5780$
2016/09/20 16:32:52 kid1| ERROR: NF getsockopt(ORIGINAL_DST) failed on local=192.168.2.1:3128 remote=192.168.2.24:57807 FD 12 flags$
2016/09/20 16:32:52 kid1| ERROR: NAT/TPROXY lookup failed to locate original IPs on local=192.168.2.1:3128 remote=192.168.2.24:5780$
2016/09/20 16:32:52 kid1| ERROR: NF getsockopt(ORIGINAL_DST) failed on local=192.168.2.1:3128 remote=192.168.2.24:57809 FD 12 flags$
2016/09/20 16:32:52 kid1| ERROR: NAT/TPROXY lookup failed to locate original IPs on local=192.168.2.1:3128 remote=192.168.2.24:5780$
2016/09/20 16:32:52 kid1| ERROR: NF getsockopt(ORIGINAL_DST) failed on local=192.168.2.1:3128 remote=192.168.2.24:57811 FD 12 flags$
2016/09/20 16:32:52 kid1| ERROR: NAT/TPROXY lookup failed to locate original IPs on local=192.168.2.1:3128 remote=192.168.2.24:5781$
2016/09/20 16:33:12 kid1| ERROR: NF getsockopt(ORIGINAL_DST) failed on local=192.168.2.1:3128 remote=192.168.2.24:57880 FD 12 flags$
2016/09/20 16:33:12 kid1| ERROR: NAT/TPROXY lookup failed to locate original IPs on local=192.168.2.1:3128 remote=192.168.2.24:5788$
2016/09/20 16:33:12 kid1| ERROR: NF getsockopt(ORIGINAL_DST) failed on local=192.168.2.1:3128 remote=192.168.2.24:57879 FD 12 flags$
2016/09/20 16:33:12 kid1| ERROR: NAT/TPROXY lookup failed to locate original IPs on local=192.168.2.1:3128 remote=192.168.2.24:5787$
2016/09/20 16:33:12 kid1| ERROR: NF getsockopt(ORIGINAL_DST) failed on local=192.168.2.1:3128 remote=192.168.2.24:57882 FD 12 flags$
2016/09/20 16:33:12 kid1| ERROR: NAT/TPROXY lookup failed to locate original IPs on local=192.168.2.1:3128 remote=192.168.2.24:5788$
2016/09/20 16:33:12 kid1| ERROR: NF getsockopt(ORIGINAL_DST) failed on local=192.168.2.1:3128 remote=192.168.2.24:57884 FD 12 flags$
2016/09/20 16:33:12 kid1| ERROR: NAT/TPROXY lookup failed to locate original IPs on local=192.168.2.1:3128 remote=192.168.2.24:5788$
2016/09/20 16:33:17 kid1| ERROR: NAT/TPROXY lookup failed to locate original IPs on local=192.168.2.1:3128 remote=192.168.2.24:5788$
2016/09/20 16:33:23 kid1| ERROR: NF getsockopt(ORIGINAL_DST) failed on local=192.168.2.1:3128 remote=192.168.2.24:57888 FD 12 flags$
2016/09/20 16:33:23 kid1| ERROR: NAT/TPROXY lookup failed to locate original IPs on local=192.168.2.1:3128 remote=192.168.2.24:5788$
2016/09/20 16:33:38 kid1| ERROR: NF getsockopt(ORIGINAL_DST) failed on local=10.86.0.18:3128 remote=10.86.0.24:57891 FD 12 flags=33$
2016/09/20 16:33:38 kid1| ERROR: NAT/TPROXY lookup failed to locate original IPs on local=10.86.0.18:3128 remote=10.86.0.24:57891 F$
2016/09/20 16:33:38 kid1| ERROR: NF getsockopt(ORIGINAL_DST) failed on local=10.86.0.18:3128 remote=10.86.0.24:57892 FD 12 flags=33$
2016/09/20 16:33:38 kid1| ERROR: NAT/TPROXY lookup failed to locate original IPs on local=10.86.0.18:3128 remote=10.86.0.24:57892 F$
2016/09/20 16:33:38 kid1| ERROR: NF getsockopt(ORIGINAL_DST) failed on local=10.86.0.18:3128 remote=10.86.0.24:57894 FD 12 flags=33$
2016/09/20 16:33:38 kid1| ERROR: NAT/TPROXY lookup failed to locate original IPs on local=10.86.0.18:3128 remote=10.86.0.24:57894 F$
2016/09/20 16:33:39 kid1| ERROR: NF getsockopt(ORIGINAL_DST) failed on local=10.86.0.18:3128 remote=10.86.0.24:57896 FD 12 flags=33$
2016/09/20 16:33:39 kid1| ERROR: NAT/TPROXY lookup failed to locate original IPs on local=10.86.0.18:3128 remote=10.86.0.24:57896 F$
2016/09/20 16:33:44 kid1| ERROR: NF getsockopt(ORIGINAL_DST) failed on local=10.86.0.18:3128 remote=10.86.0.24:57900 FD 12 flags=33$
2016/09/20 16:33:44 kid1| ERROR: NAT/TPROXY lookup failed to locate original IPs on local=10.86.0.18:3128 remote=10.86.0.24:57900 F$
2016/09/20 16:36:23 kid1| Preparing for shutdown after 0 requests
2016/09/20 16:36:23 kid1| Waiting 30 seconds for active connections to finish
2016/09/20 16:36:23 kid1| Closing HTTP port [::]:3128
2016/09/20 16:36:23 kid1| Closing HTTP port 192.168.2.1:3128
2016/09/20 16:36:23 kid1| Closing Pinger socket on FD 20
2016/09/20 16:36:37| Pinger exiting.
2016/09/20 16:36:54 kid1| Shutdown: NTLM authentication.
2016/09/20 16:36:54 kid1| Shutdown: Negotiate authentication.
2016/09/20 16:36:54 kid1| Shutdown: Digest authentication.
2016/09/20 16:36:54 kid1| Shutdown: Basic authentication.
2016/09/20 16:36:54 kid1| Shutting down...
2016/09/20 16:36:54 kid1| Closing unlinkd pipe on FD 14
2016/09/20 16:36:54 kid1| storeDirWriteCleanLogs: Starting...
2016/09/20 16:36:54 kid1| Finished. Wrote 0 entries.
2016/09/20 16:36:54 kid1| Took 0.00 seconds ( 0.00 entries/sec).
CPU Usage: 0.120 seconds = 0.056 user + 0.064 sys
Maximum Resident Size: 108768 KB
Page faults with physical i/o: 1
2016/09/20 16:36:54 kid1| Logfile: closing log daemon:/var/log/squid/access.log
2016/09/20 16:36:54 kid1| Logfile Daemon: closing log daemon:/var/log/squid/access.log
2016/09/20 16:36:54 kid1| Open FD UNSTARTED 6 DNS Socket IPv6
2016/09/20 16:36:54 kid1| Open FD UNSTARTED 8 DNS Socket IPv4
2016/09/20 16:36:54 kid1| Open FD UNSTARTED 9 IPC UNIX STREAM Parent
2016/09/20 16:36:54 kid1| Squid Cache (Version 3.5.12): Exiting normally.
At the time of configuration, the equipment is arranged like this:
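An added example for reading a cache.log like the one quoted above; it is my code, not code from the question or from the Squid project. Squid's `http_port ... intercept` listener asks netfilter for the destination the client originally dialled (SO_ORIGINAL_DST); when a connection never passed through a DNAT or REDIRECT rule, that lookup has nothing to return and Squid logs the "NAT/TPROXY lookup failed" pair seen above. The script groups those failures by the local socket they hit and labels each group; the sample log lines are constructed after the quoted excerpt, and the DNAT target 192.168.2.1:3128 is the one from the nat script.

```python
"""Group Squid intercept-mode NAT failures from a cache.log excerpt.

Added example, not code from the question or from the Squid project.
"""
import re
from collections import Counter
from typing import Dict, List, Optional, Tuple

Socket = Tuple[str, int]

# Constructed sample, modelled on the cache.log excerpt in the question
# (the real lines there are cut off with a trailing '$').
SAMPLE_LOG = """\
2016/09/20 16:22:56 kid1| Accepting NAT intercepted HTTP Socket connections at local=[::]:3128 remote=[::] FD 17 flags=41
2016/09/20 16:22:56 kid1| ERROR: No forward-proxy ports configured.
2016/09/20 16:32:52 kid1| ERROR: NF getsockopt(ORIGINAL_DST) failed on local=192.168.2.1:3128 remote=192.168.2.24:57805 FD 12 flags=33
2016/09/20 16:32:52 kid1| ERROR: NAT/TPROXY lookup failed to locate original IPs on local=192.168.2.1:3128 remote=192.168.2.24:57805 FD 12 flags=33
2016/09/20 16:33:38 kid1| ERROR: NF getsockopt(ORIGINAL_DST) failed on local=10.86.0.18:3128 remote=10.86.0.24:57891 FD 12 flags=33
2016/09/20 16:33:38 kid1| ERROR: NAT/TPROXY lookup failed to locate original IPs on local=10.86.0.18:3128 remote=10.86.0.24:57891 FD 12 flags=33
2016/09/20 16:33:44 kid1| ERROR: NF getsockopt(ORIGINAL_DST) failed on local=10.86.0.18:3128 remote=10.86.0.24:57900 FD 12 flags=33
2016/09/20 16:33:44 kid1| ERROR: NAT/TPROXY lookup failed to locate original IPs on local=10.86.0.18:3128 remote=10.86.0.24:57900 FD 12 flags=33
2016/09/20 16:36:23 kid1| Preparing for shutdown after 0 requests
"""

_NAT_FAIL = re.compile(
    r"NAT/TPROXY lookup failed to locate original IPs on "
    r"local=(?P<lip>[\d.]+):(?P<lport>\d+) remote=(?P<rip>[\d.]+):(?P<rport>\d+)"
)
_SERVED = re.compile(r"Preparing for shutdown after (?P<n>\d+) requests")


def parse_nat_failures(log: str) -> List[Tuple[Socket, Socket]]:
    """One ((local_ip, port), (remote_ip, port)) pair per failed connection.

    Only the NAT/TPROXY line is used; Squid logs a getsockopt line for the
    same connection right before it, which would otherwise double-count.
    """
    return [
        ((m["lip"], int(m["lport"])), (m["rip"], int(m["rport"])))
        for m in _NAT_FAIL.finditer(log)
    ]


def has_forward_proxy_port(log: str) -> bool:
    """False when Squid logged that no plain (non-intercept) http_port exists."""
    return "No forward-proxy ports configured" not in log


def requests_served(log: str) -> Optional[int]:
    """Requests Squid says it handled before shutting down, if it logged that."""
    m = _SERVED.search(log)
    return int(m["n"]) if m else None


def diagnose(log: str, dnat_target: Socket) -> Dict[str, object]:
    """Group failures per local socket and label each group.

    dnat_target is the address:port the PREROUTING DNAT rule sends to
    (192.168.2.1:3128 in the question's nat script).
    """
    per_socket = Counter(local for local, _ in parse_nat_failures(log))
    groups: Dict[str, Tuple[int, str]] = {}
    for (ip, port), count in per_socket.items():
        if (ip, port) == dnat_target:
            why = ("reached the DNAT target without a NAT entry: the client "
                   "dialled the proxy port itself (explicit proxy setting) "
                   "or the PREROUTING rule did not match this packet")
        else:
            why = ("intercept port reached on an address the DNAT rule never "
                   "sends to: a direct client connection, which an intercept-"
                   "only http_port cannot serve")
        groups[f"{ip}:{port}"] = (count, why)
    return {
        "forward_proxy_port": has_forward_proxy_port(log),
        "requests_served": requests_served(log),
        "failures": groups,
    }


if __name__ == "__main__":
    report = diagnose(SAMPLE_LOG, ("192.168.2.1", 3128))
    print("plain http_port present:", report["forward_proxy_port"])
    print("requests served:", report["requests_served"])
    for sock, (count, why) in report["failures"].items():
        print(f"{sock}: {count} failed connection(s): {why}")
```

Run against the quoted log, the same grouping shows the failures on 10.86.0.18:3128 coming from 10.86.0.24, i.e. from the WAN side, which the PREROUTING rule (bound to enp1s0) never redirects; those clients are talking to the proxy port directly. An intercept port can only serve NAT-redirected connections, and the "No forward-proxy ports configured" error means there is no plain `http_port` for clients that have the proxy set explicitly, so "0 requests" at shutdown is consistent with everything in the log.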
No comments